MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9
SHA3-384 hash: a9c4e13548537189154f9fe4762ae6dabb1972e5d5d6fb7eb55162c47faa25eb42b81e105232a4e893119f4f19b49245
SHA1 hash: 6de07b0f4aa45ea9cfcf774bee3f1f554b3ed2b8
MD5 hash: a44fbc10cf73b691bf6f9bae013a72a2
humanhash: foxtrot-don-cup-river
File name:CICU3023853·PDF.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'867'264 bytes
First seen:2023-08-03 07:14:09 UTC
Last seen:2023-08-03 08:45:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:MPfB7jCawKxfiEQfBVBfcspe2q6TeGNea3gHwVL:gQpflMN6TeGoW
Threatray 5'547 similar samples on MalwareBazaar
TLSH T17C857CA16A52250FE21A2272D072B7584354CFF94A76EB4EBC04B25E8B337C75E35D83
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon b270e4b2d861b0e0 (11 x AveMariaRAT, 10 x AgentTesla, 2 x XFilesStealer)
Reporter abuse_ch
Tags:AgentTesla exe scr

Intelligence

File Origin
# of uploads :
2
# of downloads :
284
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
CICU3023853·PDF.scr
Verdict:
Malicious activity
Analysis date:
2023-08-03 07:27:04 UTC
Tags:
stealer agenttesla
Link:
https://app.any.run/tasks/75409b77-d72a-4c6f-9f08-e98b512c7c77

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/440009/
Detection(s):
SecuriteInfo.com.Trojan.Mardom.MN.13.10118.8858.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a UDP request
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Mardom.MN.Generic
Link:
https://www.hybrid-analysis.com/sample/8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/fe628153-a4c1-49ea-8409-b657883bccd8
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1284909
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Uses ipconfig to lookup or modify the Windows network settings
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2023-08-02 23:43:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
38
AV detection:
21 of 37 (56.76%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qb3k3zdjojp3lyvyrdpe3z7qmizqcysh4q22wq6ys447fg5g7h4q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0ed77fd89bf16db78b75431e59d9e15c2a284563cb77bc69d49a45823accca80
AgentTesla
1b91aa318e9c011abed18662e8c577ddcb12499de26e2fd19bfb4a4ea81f7450
AgentTesla
346819703871e4709fedc019c2ff077dc7976162e25bd7edf75bc62708b769d7
AgentTesla
3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1
AgentTesla
533522ee0e78efec4fd818e102051957fb0c93cbf8aa2adee2a3159c47d5ad30
AgentTesla
696e61d463de9a976ba014bed15d1a627c9644d1ae8080aa1be7dc2e03acf5ae
AgentTesla
8b5d0256e791d798c930f8222b03609805f1bf08c2fb58cf8f777ee09c0e273b
AgentTesla
bfde4e4d95b159f2567c39229e702fc4bba9c53dbd579855ce487794a6759aa0
AgentTesla
e4bf2c0f2c23c761983ab4c03f287d5692a1446a3087bf043d7fefde261b8e6f
AgentTesla
+ 5'537 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/230803-h287padb5x/
Behaviour
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9
MD5 hash:
a44fbc10cf73b691bf6f9bae013a72a2
SHA1 hash:
6de07b0f4aa45ea9cfcf774bee3f1f554b3ed2b8
Link:
https://www.unpac.me/results/a9d89ee3-ce65-44f0-b57c-19a7fb303658/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8076ade46972/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/440009/

Comments